mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-09-28 21:53:55 +02:00
Code Issues Releases Aktivität

Add fixes suggested by clippy

Quellcode durchsuchen
Dieser Commit ist enthalten in:
0x0fbc 2024-06-11 13:35:53 -04:00 committet von Mathijs van Veluw
Ursprung 7aaa7a32a7
Commit 467ac3e9e2
2 geänderte Dateien mit 14 neuen und 14 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

24
src/api/core/two_factor/duo_oidc.rs
Datei anzeigen

@ -143,14 +143,14 @@ impl DuoClient {
} }
// Generate a client assertion for health checks and authorization code exchange. // Generate a client assertion for health checks and authorization code exchange.
fn new_client_assertion(&self, url: &String) -> ClientAssertion { fn new_client_assertion(&self, url: &str) -> ClientAssertion {
let now = Utc::now().timestamp(); let now = Utc::now().timestamp();
let jwt_id = crypto::get_random_string_alphanum(STATE_LENGTH); let jwt_id = crypto::get_random_string_alphanum(STATE_LENGTH);
ClientAssertion { ClientAssertion {
iss: self.client_id.clone(), iss: self.client_id.clone(),
sub: self.client_id.clone(), sub: self.client_id.clone(),
aud: url.clone(), aud: url.to_string(),
exp: now + JWT_VALIDITY_SECS, exp: now + JWT_VALIDITY_SECS,
jti: jwt_id, jti: jwt_id,
iat: now, iat: now,
@ -162,7 +162,7 @@ impl DuoClient {
match jsonwebtoken::encode( match jsonwebtoken::encode(
&Header::new(JWT_SIGNATURE_ALG), &Header::new(JWT_SIGNATURE_ALG),
&jwt_payload, &jwt_payload,
&EncodingKey::from_secret(&self.client_secret.as_bytes()), &EncodingKey::from_secret(self.client_secret.as_bytes()),
) { ) {
Ok(token) => Ok(token), Ok(token) => Ok(token),
Err(e) => err!(format!("Error encoding Duo JWT: {e:?}")), Err(e) => err!(format!("Error encoding Duo JWT: {e:?}")),
@ -328,8 +328,8 @@ impl DuoClient {
Err(e) => err!(format!("Failed to decode Duo token {e:?}")), Err(e) => err!(format!("Failed to decode Duo token {e:?}")),
}; };
let matching_nonces = crypto::ct_eq(&nonce, &token_data.claims.nonce); let matching_nonces = crypto::ct_eq(nonce, &token_data.claims.nonce);
let matching_usernames = crypto::ct_eq(&duo_username, &token_data.claims.preferred_username); let matching_usernames = crypto::ct_eq(duo_username, &token_data.claims.preferred_username);
if !(matching_nonces && matching_usernames) { if !(matching_nonces && matching_usernames) {
err!("Error validating Duo authorization, nonce or username mismatch.") err!("Error validating Duo authorization, nonce or username mismatch.")
@ -409,13 +409,13 @@ fn make_callback_url(client_name: &str) -> Result<String, Error> {
// Returns the "AuthUrl" that should be returned to clients for MFA. // Returns the "AuthUrl" that should be returned to clients for MFA.
pub async fn get_duo_auth_url( pub async fn get_duo_auth_url(
email: &str, email: &str,
client_id: &String, client_id: &str,
device_identifier: &String, device_identifier: &String,
conn: &mut DbConn, conn: &mut DbConn,
) -> Result<String, Error> { ) -> Result<String, Error> {
let (ik, sk, _, host) = get_duo_keys_email(email, conn).await?; let (ik, sk, _, host) = get_duo_keys_email(email, conn).await?;
let callback_url = match make_callback_url(client_id.as_str()) { let callback_url = match make_callback_url(client_id) {
Ok(url) => url, Ok(url) => url,
Err(e) => return Err(e), Err(e) => return Err(e),
}; };
@ -447,8 +447,8 @@ pub async fn get_duo_auth_url(
pub async fn validate_duo_login( pub async fn validate_duo_login(
email: &str, email: &str,
two_factor_token: &str, two_factor_token: &str,
client_id: &String, client_id: &str,
device_identifier: &String, device_identifier: &str,
conn: &mut DbConn, conn: &mut DbConn,
) -> EmptyResult { ) -> EmptyResult {
let email = &email.to_lowercase(); let email = &email.to_lowercase();
@ -484,10 +484,10 @@ pub async fn validate_duo_login(
}; };
// Context validation steps // Context validation steps
let matching_usernames = crypto::ct_eq(&email, &ctx.user_email); let matching_usernames = crypto::ct_eq(email, &ctx.user_email);
// Probably redundant, but we're double-checking them anyway. // Probably redundant, but we're double-checking them anyway.
let matching_states = crypto::ct_eq(&state, &ctx.state); let matching_states = crypto::ct_eq(state, &ctx.state);
let unexpired_context = ctx.exp > Utc::now().timestamp(); let unexpired_context = ctx.exp > Utc::now().timestamp();
if !(matching_usernames && matching_states && unexpired_context) { if !(matching_usernames && matching_states && unexpired_context) {
@ -499,7 +499,7 @@ pub async fn validate_duo_login(
) )
} }
let callback_url = match make_callback_url(client_id.as_str()) { let callback_url = match make_callback_url(client_id) {
Ok(url) => url, Ok(url) => url,
Err(e) => return Err(e), Err(e) => return Err(e),
}; };

4
src/api/identity.rs
Datei anzeigen

@ -503,7 +503,7 @@ async fn twofactor_auth(
let twofactor_code = match data.two_factor_token { let twofactor_code = match data.two_factor_token {
Some(ref code) => code, Some(ref code) => code,
None => { None => {
err_json!(_json_err_twofactor(&twofactor_ids, &user.uuid, &data, conn).await?, "2FA token not provided") err_json!(_json_err_twofactor(&twofactor_ids, &user.uuid, data, conn).await?, "2FA token not provided")
} }
}; };
@ -550,7 +550,7 @@ async fn twofactor_auth(
} }
_ => { _ => {
err_json!( err_json!(
_json_err_twofactor(&twofactor_ids, &user.uuid, &data, conn).await?, _json_err_twofactor(&twofactor_ids, &user.uuid, data, conn).await?,
"2FA Remember token not provided" "2FA Remember token not provided"
) )
} }